Aug 22, 2011

Avira AntiVir Personal on Linux (I)

I have always said over and over that the myth about there are no viruses for Linux is absolutely false. Occurs that there are fewer viruses on Linux because it is an open operating system, so many people may contribute quickly to fix its fails. In addition, it is more robust and less used than Windows, thereby hackers have got less interest to break it.

But figure for a moment when you are surfing the net, for instance with Firefox, and it turns out that your browser contains any critical vulnerability, or for example, the web page which you are visiting utilizes Java or Flash, and the versions that you have installed on your Linux system are vulnerable... your computer would be exposed to any attack or malware infection.

Now it is clear that many times, Linux is not really the guilty, but the responsability comes from third-party software. For that reason, I think that it is necessary to have installed a good antivirus on our Linux systems, regardless of the kind of distribution.

There are several good and free antivirus for Linux, such as avast, ClamAV, AVG, but my favourite option is Avira AntiVir. Its main features are:

  • Easy installation through a script.

  • Command Line Scanner: configurable on-demand searches for all malware types (viruses, horms, backdoors, trojans, etc.).

  • Resident guard: configurable on-access actions (block, delete, repair, move and rename) when malware is detected.

  • Heuristic detection.

  • Automatic update for product, scan engine and virus signature file.

The most important characteristic of Avira with regard to other solutions is the AntiVir Guard module (ClamAV has got it too), which runs as a daemon process and it is permanently monitoring all the accesses to the system (on-access) and saving it against possible viruses.

In addition, the AV-Comparatives organization published in April 2011 the last review about On-demand Detection of Malicious Software, and Avira AntiVir reached excellent results.

Other modules belonging to Avira are AntiVir Command Line Scanner (allows to scan files in search of viruses or suspicious elements, and it can be integrated with scripts) and AntiVir Updater (downloads current updates from the Avira web servers, manually or automatically).

Also say that AntiVir Guard is based on DazukoFS, an open source software that provides a kernel module which lets execute online file access control, by intercepting memory and disk calls and passing the information to an user space application, in this case Avira AntiVir. Other applications are also based on Dazuko, such as ClamAV, Panda Security for Linux, F-Secure, etc.

The AntiVir installation package supplies a DazukoFS version which is automatically configured and installed (in theory). DazukoFS depends on the kernel version; for this purpose it is better to install manually this module.

Therefore let's get going to download the version 3.1.2 of Dazuko (this number of version works fine with a 2.6.32 kernel) and install it on our testing system, CentOS 6.0 (32 bits). To begin with, I will also get some necessary packages.

[root@centos ~]# yum install gcc make kernel-devel file

[root@centos tmp]# wget http://dazuko.dnsalias.org/files/dazukofs-3.1.2.tar.gz

[root@centos tmp]# tar xvzf dazukofs-3.1.2.tar.gz ; cd dazukofs-3.1.2

Now we are ready to compile and install DazukoFS as a module into our Linux system.

[root@centos dazukofs-3.1.2]# make ; make dazukofs_install

[root@centos dazukofs-3.1.2]# modprobe dazukofs

[root@centos dazukofs-3.1.2]# echo "modprobe dazukofs" >> /etc/rc.modules

[root@centos dazukofs-3.1.2]# chmod +x /etc/rc.modules

Lastly, also point out that the license of this antivirus allows you to install it for a personal use, for instance on your own PC or your home server. Note that if you use AntiVir Guard via DazukoFS, you will need to compile this module when you change the kernel. For production environments I always suggest ClamAV.


No comments:

Post a Comment

Post a Comment